Total: 3371 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-44595 | | | 2024-11-21 | N/A | 5.3 MEDIUM | Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass. This issue affects WP 2FA: from n/a through 2.2.0.
CVE-2022-44574 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 7.5 HIGH | An improper authentication vulnerability in Avalanche version 6.3.x and below allows an unauthenticated attacker to modify properties on a specific port.
CVE-2022-44569 | 1 Ivanti | 1 Automation | 2024-11-21 | N/A | 7.8 HIGH | A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.
CVE-2022-44244 | 1 Lin-cms Project | 1 Lin-cms | 2024-11-21 | N/A | 6.6 MEDIUM | An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator.
CVE-2022-43900 | 1 Ibm | 1 Websphere Automation For Ibm Cloud Pak For Watson Aiops | 2024-11-21 | N/A | 5.3 MEDIUM | IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827.
CVE-2022-43620 | 1 Dlink | 2 Dir-1935, Dir-1935 Firmware | 2024-11-21 | N/A | 8.8 HIGH | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-16142.
CVE-2022-43557 | 1 Bd | 14 Bodyguard 121 Twins, Bodyguard 121 Twins Firmware, Bodyguard 323 Colorvision and 11 more | 2024-11-21 | N/A | 5.3 MEDIUM | The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.
CVE-2022-43549 | 1 Veeam | 1 Veeam Backup For Google Cloud | 2024-11-21 | N/A | 9.8 CRITICAL | Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms.
CVE-2022-43504 | 1 Wordpress | 1 Wordpress | 2024-11-21 | N/A | 5.3 MEDIUM | Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email feature. The developer also provides new patched releases for all versions since 3.7.
CVE-2022-43400 | 1 Siemens | 1 Siveillance Video Mobile Server | 2024-11-21 | N/A | 9.8 CRITICAL | A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the login for Active Directory accounts that are part of the Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account.
CVE-2022-42951 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | N/A | 8.1 HIGH | An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before cluster management authentication has started) in which an attacker can connect to the cluster manager using default credentials.
CVE-2022-42463 | 1 Openharmony | 1 Openharmony | 2024-11-21 | N/A | 8.3 HIGH | OpenHarmony-v3.1.2 and prior versions have an authentication bypass vulnerability in a callback handler function of Softbus_server in the communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth RFCOMM packets to any remote device and executing arbitrary commands.
CVE-2022-42458 | 1 Shift-tech | 1 Bingo!cms | 2024-11-21 | N/A | 9.8 CRITICAL | Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version 1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.
CVE-2022-42453 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | N/A | 6.9 MEDIUM | There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged-in user, with insufficient warnings when attempting to run the script.
CVE-2022-42233 | 1 Tenda | 2 11n, 11n Firmware | 2024-11-21 | N/A | 9.8 CRITICAL | Tenda 11N with firmware version V5.07.33_cn suffers from an authentication bypass vulnerability.
CVE-2022-41985 | 1 Weston-embedded | 1 Uc-ftps | 2024-11-21 | N/A | 8.6 HIGH | An authentication bypass vulnerability exists in the authentication functionality of Weston Embedded uC-FTPs v1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.
CVE-2022-41912 | 1 Saml Project | 1 Saml | 2024-11-21 | N/A | 9.1 CRITICAL | The crewjam/saml Go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version.
CVE-2022-41738 | | | 2024-11-21 | N/A | 7.5 HIGH | IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.7.0 could allow an attacker to initiate connections to containers from external networks. IBM X-Force ID: 237812.
CVE-2022-41678 | 1 Apache | 1 Activemq | 2024-11-21 | N/A | 8.8 HIGH | Once a user is authenticated on Jolokia, they can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia; org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create a JmxRequest through JSONObject and calls org.jolokia.http.HttpRequestHandler#executeRequest. Deeper in the call stack, org.jolokia.handler.ExecHandler#doHandleRequest can be invoked through reflection. This could lead to RCE via various MBeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl, which exists on Java versions above 11: (1) call newRecording; (2) call setConfiguration, with webshell data hidden in it; (3) call startRecording; (4) call the copyTo method, and the webshell is written to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia, or to disable Jolokia. A more restrictive Jolokia configuration has been defined in the default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distribution versions including the updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.
CVE-2022-41648 | 1 Heidenhain | 3 Heros, Tnc 640, Tnc 640 Programming Station | 2024-11-21 | N/A | 8.1 HIGH | The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine is vulnerable to improper authentication, which may allow an attacker to deny service to the production line, steal sensitive data from the production line, and alter any products created by the production line.
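The CVE-2022-41912 entry above (crewjam/saml, multiple Assertion elements in one Response) is the one item in this list whose failure mode a relying party can check for directly. The Go program below is an added example written for this page; it is not crewjam/saml's own code and does not reproduce that library's fix. It counts every Assertion element in the SAML 2.0 assertion namespace at any depth of the Response, refuses the document unless there is exactly one, and only then reads the subject. The function names and the two sample Response documents are constructed for the example; the second sample plants an extra Assertion inside Extensions so the check has something to catch.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Namespace the SAML 2.0 core spec assigns to Assertion and its children.
const assertionNS = "urn:oasis:names:tc:SAML:2.0:assertion"

var (
	ErrNoAssertion        = errors.New("saml: response carries no Assertion")
	ErrMultipleAssertions = errors.New("saml: response carries more than one Assertion")
)

// countAssertions walks the raw token stream and counts every Assertion
// element in the SAML assertion namespace, at any depth. A struct-based
// unmarshal only sees direct children of Response, so an extra Assertion
// tucked into Extensions or another wrapper would go unnoticed there.
func countAssertions(doc string) (int, error) {
	dec := xml.NewDecoder(strings.NewReader(doc))
	n := 0
	for {
		tok, err := dec.Token()
		if errors.Is(err, io.EOF) {
			return n, nil
		}
		if err != nil {
			return 0, err
		}
		if se, ok := tok.(xml.StartElement); ok &&
			se.Name.Space == assertionNS && se.Name.Local == "Assertion" {
			n++
		}
	}
}

// checkSingleAssertion is the gate to apply before signature validation
// and before reading any subject or attribute data from the Response.
func checkSingleAssertion(doc string) error {
	n, err := countAssertions(doc)
	if err != nil {
		return err
	}
	switch {
	case n == 0:
		return ErrNoAssertion
	case n > 1:
		return ErrMultipleAssertions
	}
	return nil
}

// response models only the parts of a SAML Response this example needs.
type response struct {
	XMLName    xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol Response"`
	Assertions []struct {
		NameID string `xml:"Subject>NameID"`
	} `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
}

// subjectFromResponse returns the NameID of the one and only Assertion,
// refusing any document that fails checkSingleAssertion (hypothetical API).
func subjectFromResponse(doc string) (string, error) {
	if err := checkSingleAssertion(doc); err != nil {
		return "", err
	}
	var r response
	if err := xml.Unmarshal([]byte(doc), &r); err != nil {
		return "", err
	}
	if len(r.Assertions) != 1 {
		// The single Assertion is not a direct child of Response; treat
		// that as malformed rather than guessing where it belongs.
		return "", ErrNoAssertion
	}
	return r.Assertions[0].NameID, nil
}

// Constructed sample: a well-formed Response with a single Assertion.
const legitResponse = `<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_resp1" Version="2.0">
  <saml:Issuer>https://idp.example.test/</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>`

// Constructed sample: the same Response with a second Assertion hidden
// under Extensions, naming a different subject.
const doubleAssertionResponse = `<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_resp2" Version="2.0">
  <saml:Issuer>https://idp.example.test/</saml:Issuer>
  <samlp:Extensions>
    <saml:Assertion ID="_a2" Version="2.0">
      <saml:Subject><saml:NameID>admin</saml:NameID></saml:Subject>
    </saml:Assertion>
  </samlp:Extensions>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>`

func main() {
	for _, doc := range []string{legitResponse, doubleAssertionResponse} {
		subj, err := subjectFromResponse(doc)
		fmt.Printf("subject=%q err=%v\n", subj, err)
	}
}
```

The count is done on the token stream rather than on the unmarshalled struct on purpose: namespace-aware matching on `Name.Space` means a renamed prefix does not evade it, and walking every depth means an Assertion placed outside the expected position is still counted. Running the program accepts the first document with subject "alice" and rejects the second with ErrMultipleAssertions.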